In message <560e00d4.7090...@invaluement.com>, Rob McEwen writes: > On 10/1/2015 11:44 PM, Mark Andrews wrote: > > IPv6 really isn't much different to IPv4. You use sites /48's > > rather than addresses /32's (which are effectively sites). ISP's > > still need to justify their address space allocations to RIR's so > > their isn't infinite numbers of sites that a spammer can get. > > A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not > the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit > hoster assigns various /64s to DIFFERENT customers of theirs... that is > a lot of collateral damage that would be caused by listing at the /48 > level, should just one customer be a bad-apple spammer, or just one > legit customer have a compromised system one day.
A hoster can get /48's for each customer. Each customer is technically a seperate site. It's this stupid desire to over conserve IPv6 addresses that causes this not IPv6. > Conversely, if a more blackhat ESP did this, but it was unclear that > this was a blackhat sender until much later.. then LOTS of spam would > get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, > with the spammy ESP still having LOTS of /64s to spare.. remember, they > started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, > it would eventually become clear that the whole /48 should be blacklisted). > > other gray-hat situations between these two extremes can be even more > frustrating because you then have the same "free passes" that the > blackhat ESP gets... but you can't list the whole /48 without too much > collateral damage. > > SUMMARY: So even if you moved into blocking at the /64 level, the > spammers have STILL gained an order of magnitudes advantage over the > IPv4 world.... any way you slice it. And blocking at the /48 level WOULD > cause too much collateral damage if don't indiscriminately. > > And this is assuming that individual IPs are NEVER assigned individually > (or in smaller-than-/64-allocations) . (maybe that is a safe assumption? > I don't know? regardless, even if that were a safe assumption, the > spammers STILL have gained a massive advantage) > > -- > Rob McEwen > +1 478-475-9032 > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org